Square Enix confirms website hack, email addresses and resumes stolen

Deus Ex Human RevolutionResumes of job hunters and email addresses of video game fans have been stolen by hackers in an attack on the Eidos and “Deus Ex: Human Revolution” websites.

Square Enix, the parent company of Eidos, confirmed the hack in a PDF press release. (Why do companies publish their press releases as PDFs, anyway? That’s just daft.)

Here’s part of the statement from Square Enix:

Square Enix can confirm a group of hackers gained access to parts of our Eidosmontreal.com website as well as two of our product sites. We immediately took the sites offline to assess how this had happened and what had been accessed, then took further measures to increase the security of these and all of our websites, before allowing the sites to go live again.

Sign up to our free newsletter.
Security news, advice, and tips.

Eidosmontreal.com does not hold any credit card information or code data, however there are resumes which are submitted to the website by people interested in jobs at the studio. Regrettably up to 350 of these resumes may have been accessed, and we are in the process of writing to each of the individuals who may have been affected to offer our sincere apologies for this situation. In addition, we have also discovered that up to 25,000 email addresses were obtained as a result of this breach. These email addresses are not linked to any additional personal information. They were site registration email addresses provided to us for users to receive product information updates.

There are two main risks here.

One threat is that if your email address is one of the 25,000 that has been stolen, you could receive a scam email (perhaps containing a malicious link or attached Trojan horse) that pretends to come from a video game company. After all, the hackers know that you’re interested enough in video games to give your email address to Eidos.

Secondly, the resumes from job hunters. This is a more serious problem. Just think of all the personal information you include on your CV: full name, date of birth, email and home address, telephone number, job history. This kind of information is a god-send to identity thieves interested in defrauding internet users.

So, it seems Sony is not the only video game company to be having problems with its computer security.

Lets hope the continuing stream of stories of companies having customer data stolen from them makes them take security more seriously in the future.

More information about the hack can be found on the KrebsOnSecurity blog.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky, Mastodon, and Threads, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.